[emidln]

No system I've been exposed to was defeated by a simple replay attack. You needed the shared secret and the click count (plus proprietary algorithm), which would be incorporated into the OTA message. Most LF systems are pretty low-bandwidth as well, and lock out quite quickly.

[gnaffle]

To clarify, I'm not talking about a replay attack. It's a _relay_ attack where they use the RF signal transmitted by the actualy car/key, just over a bigger distance than you would normally expect.